Pomerium
Pomerium is an identity-aware access proxy platform that enforces zero-trust, Context-Aware Access Control (CAAC) for internal web applications and services.
- Identity-aware reverse proxy for securing internal web apps and services
- Zero-trust access control using existing identity providers and Single Sign-On (SSO)
- Context and policy-based authorization for Hypertext Transfer Protocol (HTTP) and HTTPS resources
- Support for self-hosted and cloud-native deployment models
- Developer-focused tooling for integrating access control into existing architectures
More About Pomerium
Pomerium provides an identity-aware access proxy (access security) that sits in front of internal web applications, APIs, and dashboards to enforce authentication and authorization using enterprise identity systems.
The platform is oriented toward Zero-Trust Network Access (ZTNA; security) for HTTP and HTTPS workloads. It replaces or complements traditional VPN-based access to internal resources by evaluating user identity, group membership, and request context at the application edge, on every request.
Pomerium integrates with common identity providers (identity and access management), typically via OpenID Connect (OIDC) and Open Authorization 2.0 (OAuth 2.0) protocols, allowing organizations to centralize authentication while delegating fine-grained authorization to policy.
Access decisions are defined using Policy as Code (PaC; policy management): administrators specify which users, groups, or device contexts may reach particular routes, paths, or services, so that the same rules are enforced consistently across multiple internal applications.
The proxy component is commonly deployed as a reverse proxy (application networking) in front of internal web services, running as a standalone service, container, or sidecar in Kubernetes or other cloud-native environments, and routing requests based on configured policies and upstream definitions.
Pomerium supports encrypted connections using Transport Layer Security (TLS; network security), so that both inbound client connections and connections to upstream services can be protected, aligning with common enterprise security and compliance requirements for data in transit.
From an architectural perspective, Pomerium fits into access management and zero-trust frameworks (security architecture) where identity, device posture, and network location are treated as signals rather than implicit trust boundaries, and where access is evaluated per request rather than by static network segments.
For enterprises and institutions, the platform is used to provide browser-based access (remote access) to internal tools such as admin panels, developer consoles, monitoring dashboards, and internal APIs, without exposing those services directly to the public internet.
Pomerium’s configuration-driven model (configuration management) allows infrastructure and platform teams to manage access rules through version-controlled configuration files or Infrastructure-as-Code (IaC) workflows, aligning with DevOps and GitOps practices.
In a marketplace or directory context, Pomerium is categorized primarily under ZTNA (security), identity-aware proxy and application access control (application security), and secure remote access for internal web services (remote access), serving security, platform, and infrastructure teams responsible for protecting internal HTTP-based workloads.